authenticate to SharePoint through OKTA from back-end service

后端未结

关注

 1  679

被撕碎了的回忆 2021-01-15 09:14

I have a need to programmatically connect to a customer\'s SharePoint server that uses OKTA for authentication. I saw this post which looked promising, but cannot seem to g

1条回答

清酒与你 (楼主)

2021-01-15 09:47

It's possible.

Here is what I did. 1) Get your sessionToken from Okta. You'll need an okta authorization token for that.

2) Do a HttpGet(sharepointEmbeddedLink + "?onetimetoken=" + sessionToken) Also add this header: new BasicHeader(AUTHORIZATION, String.format("SSWS %s", OKTA_AUTHORIZATION_TOKEN);

3) Next you'll have to parse the html response and get the SAML Arguments: WRESULT, WCTX, WA

4) Next do this - take those 3 and create a string in this format "application/x-www-form-urlencoded". It will be something like this "wa=wsign1.0&wctx=somevalue&wresult=somevalue".

        byte[] out = theStringAbove.getBytes;
        int length = out.length;

        URL url = new URL("https://login.microsoftonline.com/login.srf");
        URLConnection con = url.openConnection();
        HttpURLConnection http = (HttpURLConnection) con;

        http.setRequestMethod("POST"); // PUT is another valid option
        http.setDoOutput(true);
        http.setInstanceFollowRedirects(true);
        http.setFixedLengthStreamingMode(length);
        http.setRequestProperty("Content-Type", "application/x-www-form-urlencoded; charset=UTF-8");
        http.setRequestProperty("User-agent", "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.215 Safari/535.1");
        http.connect();
        http.getOutputStream().write(out);

5) You'll have the saml Token in the response. You'll have to parse an html file again.

6) You'll get the sharepoint siteUrl in step3 or 4 and do this next :)

    HttpPost httpPost = new HttpPost(siteUrl + "_forms/default.aspx?wa=wsignin1.0");
    byte[] utf8TokenStringBytes = ("t=" + samlToken).getBytes(StandardCharsets.UTF_8);
    HttpEntity entity = new ByteArrayEntity(utf8TokenStringBytes);
    httpPost.setEntity(entity);
    httpPost.setHeader("Content-Type", "application/x-www-form-urlencoded; charset=UTF-8");
    httpPost.setHeader("User-agent", "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.215 Safari/535.1");

    HttpResponse response = httpclient.execute(httpPost, httpContext);

If everyting is ok, you'll have some cookie headers that you can use :D

0 讨论(0)